Quantcast
Channel: SCN : All Content - Security
Viewing all 2858 articles
Browse latest View live

Error in ECATT command TCD PFCG

June 20, 2016, 3:07 am
$
0
0

hi all,

 

As i am having a requirement of creating 1000 roles so I am going with the  role automation using SECATT. I would like to follow the below procedure

 

 

step 1 .creation mass single roles using SECATT.

 

step 2. creation of mass derived roles using SECATT.

 

step 3. Assignment of roles to users using SECATT.

 

 

step 1:

 

1.creating  a single role.

 

2.Giving Text to role.

 

3.Adding Tcodes to role.

 

 

 

In step 1 i am able to create role but tcodes are not adding in to the role after execution of SEATT test configuration.as system is showing the below error in error log.

Ecatt_error_in_tcd_cmd_pfcg.png 

 

no tcodes.png

  I have done R&D the solution I got is try to rerecord the script again as i did so many times but no use.

  please help me to solve the issue.

 

  Regards,

  sravanti.

Search

Analysis Authorization issue

June 20, 2016, 4:59 pm
$
0
0

Hello,

 

 

We have assigned users access to AAs using S_RS_AUTH (BW 7.3).

The Auth show up correctly in RSECADMIN for the users under 'Role-Based' and they are all 'Active'.

 

The Auths have full access * and Aggregate :  value access to the relevant InfoObjects.

However, the user faces error for the said values. The Analysis Auth log in RSECADMIN asks for * values, which the user already has.

 

The 'Role-based' AAs do not show up in RSECUSERAUTH or RSECAUTHGENERATD.

I can see them in RSECBIAU.

 

How do I make sure that the values in the Role based AAs are populated correctly in the system tables and are assigned to the users correctly?

LSMW - Step by Step Procedure for Mass User Creation

June 22, 2016, 12:14 am
$
0
0

Hi All,

 

This document provides you the step by step procedure to do mass user creation or changes in SAP systems using LSMW.

 

We do use LSMW – Legacy system Migration Workbench to convert the legacy data as per our requirement in SAP system. Generally Customer, Material master data and Bill of Materials can be migrated.

 

We are going to see the mass user creation or changes in this document.

 

Step 1:

 

Open transaction LSMW. Here we need to create a new project, subproject and object. Click on the “New” Button and create a project with your desired naming convention.

 

 

 

Now execute the created project,

 

 

Maintain Object Attributes:


Here we would capture the sample changes in SU01 as a recording.

 

Execute the first step and Click on “Change”. Go for “Batch Input Recording” and click the “Recording Overview” icon at the right side.

 

 

You would need to create a New Recording by giving the suitable name and description,

 

 

Next give the transaction code as SU01,

 

 

Once you execute, it will take you to the next screen of SU01 to record. Let’s say here my requirement is to create five users (We can create as many as users possible).

 

 

I have created one test user thereby recorded the same for further user creations and once I save the creation then the below screen will appear,

 

 

Highlighted areas shows that those are the fields which can be changed and to be removed by editing for further inputs.

 

After removing the fields then following screen appears,

 

In this example I have removed the default “Last Name” and “SAP ID” fields.

 

 

Save the recording and give the name of the recording and save as below,

 

 

Maintain Source Structures:


In this step, we will have to create a source structure as below and name as you wish,

 

 

Maintain Source Fields:


In this step, we will have to do the table maintenance by clicking the highlighted icon,

 

 

Following screen will appear where provide the fields which you need,

 

As per my requirements, User Name(SAP ID), Last Name are the mandatory fields and this is the place where you will provide whether the field is alphanumerical or Numerical etc.

 

Length of the field and the description is mandatory.

 

 

Once you are done with it, your structure will have the following fields,

 

 

Save it and Proceed to next step.

 

Maintain Structure relations:


In this step just save the settings because already source structure TXTFILE is assigned to Target Structure of our recording SU01_REC.

 

 

Maintain Field Mapping and Conversion Rules:


In this step, you will have to click on “Source Field” after selecting the respective field “BNAME” and “LAST”.

 

 

 

You can skip the next field : “Maintain Fixed Values, Translations, User-Defined Routines”.

 

Specify Files:


Before proceeding with this step, we need to keep our legacy information handy. In my case following are the data with respect to user creation,

 

 

Save the data in “Notepad” as below,

 

 

Get into Change Mode and upload the file from your PC by double clicking on “On the PC (Front End)”.

 

Make sure that all the necessary settings as per the below screenshots are selected,

 

 

Save it and proceed to the next step.

 

Assign Files:


Edit and save it.

 

 

Read Data:


All the Data from Notepad will be read in this step,

 

 

Here four records are read,

 

 

Display Read Data:


Just press enter and save it. In this step all the read data will be shown,

 

 

Convert Data,


Execute it and view the content and proceed to next step,

 

 

 

Display Converted Data:


Execute it and view the converted content and proceed to next step,

 

 

Create Batch Input Session:


Execute and create a batch session,

 

 

 

Run Batch Input Session:


Select the session and Process it,

 

 

Make sure that the following settings are enabled and Process it.

 

It’s Done now. Once the Batch Input session completes then you will have the following screen.

 

 

Note : We can use this for any role level changes which are identical for all the roles and also user modifications.

 

Hope this document could have provided a better insight with respect to LSMW creation.

 

Regards,

Jegan Raj

looking for undefined value in an authority object

June 22, 2016, 1:12 am
$
0
0

Hi,

I am looking for Roles where special values of an authority objects are not defined. How do I fill the fields in a report for a complex search for roles?

 

Example: I start the Report S_BCE_68001423 (Roles by complex selection criteria - by authority values). The object I am looking for is the object G_800S_GSE. What should I enter in the field BRGRU (Authority Groups) when I am looking for roles where the value BRGRU is not defined?

 

Regards

Authorization Object

June 12, 2016, 9:07 pm
$
0
0

Hi gurus ,

Now I am Created a one Authorization class text i am giving Class for MM(Module) and i created while i loged in as EN.

But if i loged in DE the text shows empty. What is the solution for this.?? Hope someone sometime done this.. Thanks in Advance

Overcome authorization check to delete PR

June 22, 2016, 6:55 am
$
0
0

Hi Experts,

 

    We have a scenario where the access to change NB type PR is restricted to the users whereas they are given with ME51N/ME52N tcode access for other type PRs. The NB type PRs are getting created in SAP system from an external system. Sometimes incorrect PRs will be created which needs to be deleted. We tried to develop a custom transaction with the BAPI_REQUISITION_DELETE, but the authority check for NB type is preventing the closure of PR. Kindly advice how to overcome this authorization check and close the PR from the custom transaction.

 


Thanks!

KuppingerCole Analyst: Real Time Protection of SAP Landscapes

June 22, 2016, 8:47 am
$
0
0

Hi,

 

there is a white paper on Real Time Protection of SAP Landscapes of KuppingerCole.

 

Content (extract)

  • Explaining the change in cyber-attackers and cyber-attack patterns, targeting core business systems and critical industries
  • Cyber-risks becoming business risks, requiring risk mitigation processes that are connected to Enterprise Risk Management and Enterprise GRC
  • Overview of a comprehensive cyber-risk incident management and response process
  • The role Real Time Security Intelligence (RTSI) plays in mitigating cyber-risks
  • SAP Enterprise Threat Detection (ETD) as a RTSI solution for SAP environments and beyond

 

Link to white paper: http://go.sap.com/documents/2016/06/d6df83ea-777c-0010-82c7-eda71af511fa.html

 

Regards

Matthias

SAP Enterprise Threat Detection

September 30, 2014, 2:59 am
$
0
0

 

 

Overview

The interconnected nature of modern business systems means that successful companies with critical business on SAP software must effectively manage exposure to external and internal threats. SAP Enterprise Threat Detection helps you identify the real attacks as they are happening and analyze the threats quickly enough to neutralize them before serious damage occurs.

 

SAP Enterprise Threat Detection leverages SAP HANA to efficiently monitor SAP software-centric landscapes. It allows you to perform real-time analysis and correlation of the vast quantity of log data that SAP and non-SAP systems generate.

 

 

 

 

 

Getting Started

 


SAP Runs SAP

Learn more from SAP’s Global IT team members sharing their knowledge and experiences about how SAP Runs SAP. The following blog series gives you some insights about how SAP runs the new solution SAP Enterprise Threat Detection to protect our business systems:

 

How SAP runs SAP Enterprise Threat Detection

ETD: From Alert To Investigation

Detect and React with SAP Enterprise Threat Detection

 

 

Blogs Provided by Partners

Trend Micro: Trend Micro integration with SAP Enterprise Threat Detection

FireEye: Integrating SAP Enterprise Threat Detection with FireEye

HPE: SAP Enterprise Threat Detection integrated into Hewlett Packard Enterprise ArcSight

Schoenhofer: ETD for non-SAP

Schoenhofer: Finding abnormal activities

Schoenhofer: Network Threats on the example of Advanced Persistent Threats

 

 

Stay tuned for more!KuppingerCole Analyst: Real Time Protection of SAP Landscapes

Search

How can i activate TLS 1.1+ on SAP AS JAVA 7.31 client-side?

July 2, 2015, 7:57 am
$
0
0

I only know sap note"510007 - Setting up SSL on Application Server ABAP".

 

If i apply the informations of this note to AS JAVA,

 

 

"The built-in defaults for the client-side enables only SSLv3 + TLSv1.0 for SAPCRYPTO 5.5.5pl28+ and CommonCryptoLib 8, corresponding to client-side protocol version flags (128+64) = 192.  It is recommended to request TLS protocol version TLSv1.1 and TLSv1.2 with the flags "Best" and "NO_GAP", because only the latter is future-friendly and is fully compatible with older libraries."

 

 

i have to set the following sap profile parameters, like for example:

 

ssl/ciphersuites = 135:HIGH:MEDIUM:+e3DES

ssl/client_ciphersuites = 198:HIGH:MEDIUM:+e3DES

 

Unfortunately the AS Java already "requesting version 3.1..."

 

I suspect that these sap profile parameters don't work for AS JAVA?

 

Any experiences?

Any ideas?

 

Thanks in advance,

Matthias

 

- SAP NW PO 731 SPS12 (AS JAVA only)

- Currently we use CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.37 pl40 (May 12 2015) MT-safe.

- Kernel = 721_EXT 64Bit Patch 300

Authorization not working for HRPBSIN_AC_ACRP

July 13, 2016, 5:19 am
$
0
0

Dear Friends,

 

We've set authorization for T-Code HRPBDIN_AC_ACRP. But a person X eligible to view only Personnel area ABCD, can also view  other Personnel areas Advanced claims application as well.

How to check the same?

 

Regards,

Niladri

how to configure VSI for XSS

July 14, 2016, 6:55 am
$
0
0

hi here.

have a question.

We was configured VSI 2.0 for SAP NW AS JAVA. Got this windows and understand - all work, VSI successfully detect EICAR test virus.


Anybody can help - how we can start(reconfigure) VSI for he start detecting simple XSS.

Безымянный.png

 

thank you.

Rename User ID in Production

July 23, 2015, 1:32 pm
$
0
0

Hi,

 

Appreciate if you can guide me to rename a user ID in SAP Production without effecting the his roles.

I do not want to create new user & copy the previous one.

 

Thank you,

SU24_AUTO_REPAIR:Complete Missing modification flag in SU24

July 13, 2016, 11:18 am
$
0
0

Hi All,

 

 

Could you suggest, whether i should execute program SU24_AUTO_REPAIR:Complete Missing modification flag in SU24, before or after upgrade. And more importantly, how do i check, the missing modification flag.

 

I have referred the relevant notes, but could not find the flag(in tables) impacted

 

Regards

SF

IT support role

July 13, 2016, 11:49 pm
$
0
0

Hi Team,

 

We have a created a only one IT support role in Production system for all the Modules  only display access or Is it good to create display role to the respective modules .

 

Please suggest me what would be drawbacks if we create only one IT support display role for all the modules.

Featured Content in Security

March 29, 2012, 3:23 am
$
0
0

Replay of Broadcast: Bitcoin/Blockchain: Hype or Hope for a New Secure Cryptocurrency?

Listen to the replay of the recent broadcast “Bitcoin/Blockchain: Hype or Hope for a New Secure Cryptocurrency?” with Gerlinde Zibulski, Head of SAP Product Management Security, and other security experts. Listen now. July 15, 2016

 

SAP Enterprise Threat Detection 1.0 SP04 Now Available

SAP just released the latest support package for SAP Enterprise Threat Detection 1.0. SP04 brings not only new attack detection patterns, developed in the forensic lab in the way you already know (ETD Patterns), but also two new types: ETD Security Notes Patterns and ETD Anomaly Patterns. For more information, read Martin Plummer’s blog. July 1, 2016

 

KuppingerCole Analysts: Real Time Protection for SAP environments and beyond

With ever-increasing cyber attacks, organizations must move beyond preventative actions toward detection and response, which apply beyond network and operating system levels. Consider how these preventives involve business systems such as SAP software: identifying, analyzing, and responding to threats for protecting core business systems. Read the KuppingerCole report. June 23, 2016

 

http://scn.sap.com/people/regine.schimmer/avatar/46.png?a=1166

SAPinsider Journal: Focus on SAP Security

The current issue of the SAPinsider professional journal puts a strong focus on security in the SAP world, highlighting different aspects such as risk mitigation, cyber security, and the internal “SAP runs SAP secure” approach. Read more in Regine Schimmer’s blog highlighting each article. June 16, 2016

Search

How can we give read only access for enitre account for a user?

July 15, 2016, 1:26 am
$
0
0

Hi all,

 

I am facing one issue in my project i.e,

 

one user gave reference ID to create account in SAP and she said that the reference user has both read and write access

use that user as reference to create my account in SAP and also she mentioned I should be able to access all transactions what reference is using and I want those transactions in read only/ display state.

 

Kindly please help me to resolve this problem...

 

Note: we can't make a new role for all those transaction codes what reference has.

 

Thanks in advance,

Naveen Majety.

Display transaction access for all SAP modules?

July 16, 2016, 3:31 am
$
0
0

Hi All,

 

I would like to know SAP best practice to provide display/reporting transaction access to end users for ECC modules (MM/SD/FI/CO/QM/PP)

 

Do we need to create separate display roles and one display role for all tasks while implementing Security roles ?

 

Eg. SD display and Maintain roles:-

 

different display roles for all below SD tasks or a single display role with below tasks

 

Pricing Display

Output Display

Contract Display

Master Data Display

Credit Mgmt Display

Sales Order Display

 

Maintenance roles for SD tasks

Pricing Maintenance

Output Maintenance

Contract Maintenance

Master Data Maintenance

Credit Mgmt Maintenance

Sales Order Maintenance

 

 

Regards

Shradha

Logs in client copy

July 14, 2016, 6:50 am
$
0
0

Hi all,

 

I need to know which logs that are generated in a client copy (SCC9).

 

In he both client, origin and the destination (that did the start process).

 

Rgds.

Viewing all 2858 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>